package com.ceadeal.admin.config.security;

import com.ceadeal.admin.config.AjaxAwareAuthenticationEntryPoint;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

/**
 * 功能描述: WebSecurityConfig
 * <p>
 * 作者: Yzw
 * 日期: 2017-03-04 11:14:25
 */
@Configuration
@EnableWebSecurity
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public AjaxAwareAuthenticationEntryPoint ajaxAwareAuthenticationEntryPoint() {
        AjaxAwareAuthenticationEntryPoint point = new AjaxAwareAuthenticationEntryPoint("/login");
        return point;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
        http.headers().frameOptions().disable();
//        http.exceptionHandling().accessDeniedPage("/denied");
        http.exceptionHandling().authenticationEntryPoint(ajaxAwareAuthenticationEntryPoint());

        http.authorizeRequests()
                .antMatchers("/css/**").permitAll()
                .antMatchers("/font/**").permitAll()
                .antMatchers("/image/**").permitAll()
                .antMatchers("/js/**").permitAll()
                .antMatchers("/plugin/**").permitAll()
                .antMatchers("/captcha/image").permitAll()
                .antMatchers("/open/**").permitAll()
                .antMatchers("/group/wx/**").permitAll()
                .antMatchers("/login").permitAll()
                .anyRequest().authenticated().and()
                .addFilterBefore(cupaFilter(), UsernamePasswordAuthenticationFilter.class)
                .formLogin().loginPage("/login")
                .loginProcessingUrl("/auth")
                .failureUrl("/login?error")
                .and()
                .logout()
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .logoutSuccessUrl("/login");
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/api/user/register");
    }

    /**
     * customUsernamePasswordAuthenticationFilter
     * @return
     * @throws Exception
     */
    @Bean
    public CustomAuthenticationFilter cupaFilter() throws Exception {
        CustomAuthenticationFilter cupaFilter = new CustomAuthenticationFilter();
        cupaFilter.setAuthenticationManager(authenticationManager());
        cupaFilter.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/auth","POST"));
        return cupaFilter;
    }

}
